Known Vulnerabilities for products from Espressif
Listed below are 18 of the newest known vulnerabilities associated with the vendor "Espressif".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Espressif can be found at device.report : Espressif
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-46894 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-09 | 2023-11-15 |
| CVE-2023-35818 json | An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with ... | 6.8 - MEDIUM | 2023-07-17 | 2023-07-28 |
| CVE-2022-24893 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-06-25 | 2022-07-08 |
| CVE-2021-41104 json | ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 20... | 7.5 - HIGH | 2021-09-28 | 2021-10-07 |
| CVE-2021-34173 json | An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed be... | 7.5 - HIGH | 2021-07-14 | 2021-07-27 |
| CVE-2021-28139 json | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon re... | 8.8 - HIGH | 2021-09-07 | 2021-09-09 |
| CVE-2021-28136 json | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple ... | 6.5 - MEDIUM | 2021-09-07 | 2021-09-09 |
| CVE-2021-28135 json | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuou... | 6.5 - MEDIUM | 2021-09-07 | 2022-07-12 |
| CVE-2020-16146 json | Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through ... | 7.5 - HIGH | 2021-01-12 | 2021-01-20 |
| CVE-2020-13595 json | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the... | 6.5 - MEDIUM | 2020-08-31 | 2020-09-08 |
| CVE-2020-13594 json | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not pr... | 6.5 - MEDIUM | 2020-08-31 | 2020-09-08 |
| CVE-2020-12638 json | An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, ... | 6.8 - MEDIUM | 2020-07-23 | 2021-07-21 |
| CVE-2019-17391 json | An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the f... | 4.6 - MEDIUM | 2019-11-14 | 2020-08-24 |
| CVE-2019-15894 json | An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x th... | 6.8 - MEDIUM | 2019-10-07 | 2020-08-24 |
| CVE-2019-12588 json | The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN A... | 6.5 - MEDIUM | 2019-09-04 | 2019-09-09 |
| CVE-2019-12587 json | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the ins... | 8.1 - HIGH | 2019-09-04 | 2020-08-24 |
| CVE-2019-12586 json | The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP ... | 6.5 - MEDIUM | 2019-09-04 | 2020-08-24 |
| CVE-2018-18558 json | An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of inpu... | 6.4 - MEDIUM | 2019-05-13 | 2023-11-07 |
Known software with vulnerabilities from Espressif
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Espressif | Arduino-esp32 | - |
| Application | Espressif | Arduino Esp8266 | 2.0.0 |
| Application | Espressif | Esp-idf | 0.9 |
| Hardware | Espressif | Esp32 | - |
| Hardware | Espressif | Esp32-d0wd | - |
| Operating System | Espressif | Esp32-d0wd Firmware | - |
| Hardware | Espressif | Esp32-d2wd | - |
| Operating System | Espressif | Esp32-d2wd Firmware | - |
| Hardware | Espressif | Esp32-pico-d4 | - |
| Operating System | Espressif | Esp32-pico-d4 Firmware | - |
| Hardware | Espressif | Esp32-s0wd | - |
| Operating System | Espressif | Esp32-s0wd Firmware | - |
| Application | Espressif | Esp8266 Nonos Sdk | 2.0.0 |
| Application | Espressif | Esp8266 Rtos Sdk | - |